IDA Pro return wrong addresses?

[Cycoder]

Hey,
I Try to find out the right offsets for QueryAuctionItems(), but if i do it with IDA Pro the offsets / addy is wrong.. WoW Crashing when i try it.
I had try it with cheatengine & MiniMap:Setzoom() -> the offset that i found with cheatengine works great.. but i want to use ida pro for finding the offsets.
Can someone help me? I calculate the offsets with ->

Code:

 FUNC_ADDY - BASE_ADDY (00400000) = Offset
Wow.exe Base + Offset = Function i want to call

By the way, i use the 32bit Binary from Wow
can someone help me, what i can do that i get the right offsets out of ida? :confused:


p.s: sorry for my bad english

[Frosttall]

Lua functions can't or at least should not be called directly but you should use FrameScript_ExecuteBuffer and call that function from the mainthread. The last thing is pretty important since the whole lua-engine is written singlethreaded and will go crazy if you call it from a different thread than the mainthread.

Achieving calls from the mainthread is possible via hooking some frequently called functions and checking the current threads id via GetCurrentThreadId and comparing it to the mainthread id. If they're equal call your code, otherwise just skip the execution.
The second approach is simply hooking EndScene and SwapChain - they're always called from the mainthread.


P.S. I'm nice today, but expecting help without giving any informations like Code, Crashlogs etc isn't a great idea

[ccKep]

Code:

BASE_ADDY (00400000) - FUNC_ADDY = Offset

Sad Panda.

Common sense tells that the function address is greater than the image base, hence your result would be negative...

[Cycoder]

oh..sorry should "FUNC_ADDY - BASE_ADDY = Offset" not the other .. sorry ..

Crashlogs etc had no sense here.. its the search of the offset where i fail,
not the coding part himself. Ida Pro say the offset are 0x6578D5 but its really 0x2E1F00 ..
Ollydbg say the same as Ida Pro, but its wrong (don´t point to the real function that i want to call).. uhm yes.. :x

My C++ Works fine with the right offset, but i cant find the right offsets for the functions i like to use with ida pro / ollydbg because they are wrong :s
But hey, here my code..

#define offset 0x2E1F00

DWORD WINAPI hackthread(void)
{
DWORD EngineBase = (DWORD)GetModuleHandle(0);
DWORD ReloadFunc = EngineBase+offset;

typedef int(__cdecl* ReloadUI)(int zoomlvl);
ReloadUI my_ReloadUI = (ReloadUI)ReloadFunc;

my_ReloadUI(0); //Minimap Zoom
return 0;
}

And the prof that it works


I have only Problems with finding the right offsets :s

[ccKep]

Maybe you should explain in more detail how you're trying to obtain the offset (working method with CE and your attempt (maybe screenshots) with IDA / Olly)

[Cycoder]

Way with Cheatengine ->
1) search the ingame variable for the zoomlevel of SetZoom(zoomlevel) like a singleplayer ammo/health cheat
2) set the debugger on the variable with "look what writes to this address"
3) look what function writes on the variable ingame if i change the zoomlevel with the zoom button ingame
4) show the adresse in memory viewer and click "select function"
5) voila, the SetZoom() function
6) Setzoom_Addy - BaseAddy = offset

Way with Ida Pro->
1) open Strings Window and Search for "SetZoom"
2) select the function from the SetZoom
3) http://img850.imageshack.us/img850/5155/57316275.png
4) the functionaddy that shown in ida pro - baseaddy = offset

[ccKep]

Way with Cheatengine ->
1) search the ingame variable for the zoomlevel of SetZoom(zoomlevel) like a singleplayer ammo/health cheat
2) set the debugger on the variable with "look what writes to this address"
3) look what function writes on the variable ingame if i change the zoomlevel with the zoom button ingame
4) show the adresse in memory viewer and click "select function"
5) voila, the SetZoom() function
6) Setzoom_Addy - BaseAddy = offset

Way with Ida Pro->
1) open Strings Window and Search for "SetZoom"
2) select the function from the SetZoom
3) http://img850.imageshack.us/img850/5155/57316275.png
4) the functionaddy that shown in ida pro - baseaddy = offset

Your method of finding the function in IDA brings you to the lua wrapper function.

Code:

int __cdecl Script_SetZoom(int luaState)
{
  int v2;

  if ( lua_isnumber(luaState, 2) )
  {
    v2 = lua_tonumber(luaState, 2);    // get lua argument (the actual zoom level)
    sub_6DFF90(v2);                    // call real function with the correct zoom level, this is the function CE finds since this function access the variable responsible for the zoom level
  }
  else
  {
    luaL_error(luaState, "Usage: SetZoom(level)", v3);
  }
  return 0;
}

Edit: My paste is from an old 16357 build, yours is at 0x6E1F00 (-0x400000, so offset is 0x2E1F00)

[Cycoder]

okay thanks..
that mean i failed hard ..
sorry for the fail with the lua wrapper function :/
how can i find the real functions?i dont know how i can find it with a other way.. any tipps for me?

[ccKep]

okay thanks..
that mean i failed hard ..
sorry for the fail with the lua wrapper function :/
how can i find the real functions? i dont have a rebased wow.idb and dont know how to rebase it.. how i can rebase it?

Rebasing has nothing to do with finding the correct function, but you can do it via Edit -> Segments -> Rebase program.
Try taking a look at the function using the Hex-Rays plugin (generates C code from the asm instructions).
It also helps to get an .idb file from the info dumps threads here (TOM_RUS posts them regularly) since quite a few of the functions are already named there (for example the luaL_error stuff up there).